The patterns that bank customers typically follow when choosing a four-digit PIN code gives hackers a 9 percent chance of correctly guessing their ATM code, according to a study from Cambridge University researchers. "
About a quarter stick with their bank-assigned random PIN and over a third choose their PIN using an old phone number, student ID, or other sequence of numbers which is, at least to a guessing attack, statistically random," says Cambridge's Joseph Bonneau. Five percent choose a numeric pattern and 9 percent choose a visual pattern on the keypad, both of which have only a 2 percent chance of being guessed. However, the researchers found that 23 percent of users employ a date as a PIN—often their own birthdate, which attackers could obtain from driver's licenses or other identification that users carry in their wallet.
To bolster the security of four-digit PIN codes, the researchers suggest preventing users from selecting 100 specific codes that would cut a thief's overall chances of guessing a PIN to only 0.2 percent, as well as preventing the use of birthdates as PINs. Still, Bonneau concedes that "too many PINs can be interpreted as dates to blacklist them all, and customer-specific blacklisting using knowledge of the customer's birthday seems impractical."
View Full Article
Abstracts Copyright © 2012 Information Inc. , Bethesda, Maryland, USA